From: Giorgos Keramidas
To: Valmir Filho
Cc: freebsd-doc@freebsd.org
Date: Mon, 9 Jan 2006 07:36:52 +0200
Subject: Re: Handbook Errata
Message-ID: <20060109053652.GA1114@flame.pc>
In-Reply-To: <9310191319.20051215150741@wbrnet.com.br>
References: <9310191319.20051215150741@wbrnet.com.br>

On 2005-12-15 15:07, Valmir Filho wrote:
> Doc,
>
> Reading FreeBSD's Handbook, specifically the IPFW chapter
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html),
> I've found that the following:
>
> 25.6.3 /etc/rc.conf Options
>
> If you do not have IPFW ...
>
> firewall_enable="YES"
>
> Set the script to run to activate your rules:
>
> firewall_script="/etc/ipfw.rules"
>
> My observation is:
>
> Reading /etc/rc.firewall script I've found that the above line
> (firewall_script="/etc/ipfw.rules") must be changed to "firewall_type"
> and not "firewall_script".

Just to clarify this a bit more:

As Tom Rhodes has already explained, the firewall_script option is
different from firewall_type. Their difference is relatively subtle,
but it is described in the rc.conf(5) manpage:

    firewall_script
            (str) This variable specifies the full path to the
            firewall script to run.  The default is /etc/rc.firewall.

    firewall_type
            (str) Names the firewall type from the selection in
            /etc/rc.firewall, or the file which contains the local
            firewall ruleset.  Valid selections from /etc/rc.firewall
            are:

            open       unrestricted IP access
            closed     all IP services disabled, except via ``lo0''
            client     basic protection for a workstation
            simple     basic protection for a LAN.

            If a filename is specified, the full path must be given.

The rest of the Handbook chapter is written in a style that bypasses
the pre-canned firewall rulesets of rc.firewall, using a custom shell
script that runs ipfw directly, so firewall_script is correct there.

So we don't need to change anything there, for now.

Thanks for your willingness to help us improve the docs though.
Please keep submitting anything you notice that needs to be fixed :)

- Giorgos
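
A check for the mix-up discussed in this message, as an added example that is not part of the original mail or of FreeBSD's rc scripts: it reads an rc.conf-style file and reports whether firewall_script and firewall_type each point at the kind of file the quoted rc.conf(5) text describes. The function names, the script-versus-ruleset heuristic and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Sample files are constructed.

# rc_value FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_value() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# looks_like_script FILE: heuristic assumed for this example. A shell script
# has a shebang or invokes ipfw; a raw ruleset has bare "add ..." lines.
looks_like_script() {
    head -n 1 "$1" | grep -q '^#!' && return 0
    sed 's/#.*//' "$1" | grep -Eq '(^|[^[:alnum:]_])ipfw[[:space:]]'
}

# check_ipfw_rc RCCONF: print one OK/WARN line for the ruleset selection.
check_ipfw_rc() {
    fw_script=$(rc_value "$1" firewall_script)
    fw_type=$(rc_value "$1" firewall_type)
    : "${fw_script:=/etc/rc.firewall}"          # default per rc.conf(5)
    if [ "$fw_script" != /etc/rc.firewall ]; then
        if [ -r "$fw_script" ] && ! looks_like_script "$fw_script"; then
            echo "WARN firewall_script=$fw_script looks like a raw ruleset; use firewall_type"
        else
            echo "OK custom script $fw_script"
        fi
        return 0
    fi
    case "$fw_type" in
        open|closed|client|simple)              # types listed in the quoted manpage
            echo "OK built-in type $fw_type" ;;
        /*)
            if [ -r "$fw_type" ] && looks_like_script "$fw_type"; then
                echo "WARN firewall_type=$fw_type looks like a shell script; use firewall_script"
            else
                echo "OK ruleset file $fw_type"
            fi ;;
        *)
            echo "WARN firewall_type='$fw_type' is not a listed type or a full path" ;;
    esac
}

# Constructed demo: a Handbook-style script named first correctly, then as a type.
d=$(mktemp -d)
printf '#!/bin/sh\ncmd="ipfw -q add"\n$cmd 00010 allow all from any to any via lo0\n' > "$d/ipfw.rules"
printf 'firewall_enable="YES"\nfirewall_script="%s"\n' "$d/ipfw.rules" > "$d/rc.good"
printf 'firewall_enable="YES"\nfirewall_type="%s"\n' "$d/ipfw.rules" > "$d/rc.mixed"
check_ipfw_rc "$d/rc.good"     # custom script under firewall_script: accepted
check_ipfw_rc "$d/rc.mixed"    # same script under firewall_type: flagged
```
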